Hospitality has been hit again. If this isn’t the largest data breach on record, it is certainly near the top. Marriott International announced this week that information on up to 500 million guests was exposed in a breach of the Starwood guest reservation database. And it wasn’t a short-term breach: the intruders may have had access since 2014.

Unfortunately, it affects more than guests who actually stayed. It affects anyone who made a reservation at a Starwood property from 2014 through September 10, 2018. The exposed information includes pretty much anything you’d give a property to make a reservation: name, dates of stay, payment card information, mailing address, email address, phone number, Starwood Preferred Guest (SPG) account information, passport number if provided, and details stored in the loyalty program database such as date of birth, gender, and stay and communication preferences.

So what can you do if you are among that massive group of victims?

Monitor payment card charges diligently for at least the next year. If you see anything amiss, contact the card issuer right away and get it resolved.

Keep an eye on your loyalty club account. There have been cases where intruders steal award points and redeem them for free nights, gift cards, or other rewards at your expense.

Sign up for the free services Marriott is offering. Affected guests can get one year of WebWatcher, a service that monitors sites where stolen personal information is shared and alerts you if yours turns up. Marriott will also provide fraud consultation and reimbursement coverage at no charge.

If you provided a passport number, report the passport as lost or stolen and get a new one. The State Department website explains how; the report can be made online, by mail, or by phone.

Watch for targeted phishing attacks that use details from this breach. The more specific and personal the information in a message, the more convincing it is and the more likely you are to click a link or open an attachment. If you are not expecting a link or attachment, and even if you are, be completely sure it’s safe before you click. Hover the mouse pointer over a link to confirm it goes where you expect, or long-press it for a few seconds on a mobile device to see the destination. If the link looks “phishy,” don’t click it.

If you are changing any details in your account, go directly to the Starwood or Marriott site by typing the address or using a saved bookmark, and log in there. Don’t click links in messages that request personal information.

Now that the cat’s out of the bag, you may receive all kinds of messages that use information from this breach. Treat them with extreme caution and don’t “reply” to the emails. Instead, get the phone number from Starwood’s website or contact them some other way that doesn’t rely on anything in the email, just to be on the safer side.
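The link-checking advice above (hover, confirm the destination, go to the real site instead) can be turned into a quick automated audit of an email’s links. The following is an added Python example, not code from Stickley on Security or from Marriott: it parses an HTML email body, flags links whose visible text names a different domain than the one the href actually goes to, flags hosts that merely contain a brand name (lookalikes such as a “marriott-something.com”), and flags anything outside an assumed allow-list of expected domains. The allow-list, the brand words, and the sample email are constructed for illustration and are not taken from the breach notification.

```python
"""Audit the links in an HTML email for the classic phishing tells.

Added example (not code from the page or from Marriott/Starwood).
Checks performed on every <a href="..."> in the body:
  1. the link's registrable domain is not on an allow-list of expected brand domains;
  2. the host contains a brand name but is not an expected domain (lookalike);
  3. the visible link text shows one domain while the href goes to another.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for the example: domains that legitimate Marriott/Starwood mail would link to.
EXPECTED_DOMAINS = {"marriott.com", "starwoodhotels.com", "spg.com"}
BRAND_WORDS = ("marriott", "starwood", "spg")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two DNS labels. Crude: a production tool should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_link(href, visible_text):
    """Return human-readable reasons the link looks suspicious (empty list = clean)."""
    reasons = []
    host = (urlparse(href).hostname or "").lower()
    domain = registrable_domain(host)

    if domain not in EXPECTED_DOMAINS:
        reasons.append(f"host {host!r} is not an expected domain")
        if any(brand in host for brand in BRAND_WORDS):
            reasons.append(f"lookalike: brand name inside unexpected host {host!r}")

    # If the clickable text itself shows a URL or domain, it must match where the href goes.
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", visible_text.lower())
    if shown and registrable_domain(shown.group(1)) != domain:
        reasons.append(f"text shows {shown.group(1)!r} but link goes to {host!r}")
    return reasons


def audit_email(html_body):
    """Map each href in the body to its list of reasons."""
    parser = LinkExtractor()
    parser.feed(html_body)
    return {href: check_link(href, text) for href, text in parser.links}


# Constructed sample resembling a post-breach notification; not a real Marriott email.
SAMPLE_EMAIL = """
<p>Dear Guest, your Starwood account may have been affected. Please
<a href="https://www.marriott.com/reservation/lookup">review your stays</a> or
<a href="http://marriott-account-verify.com/login">https://www.marriott.com/login</a>.
You can also <a href="https://starwoodhotels.com/spg/account">manage your SPG account</a>
or <a href="https://links.example/abc123">claim your free WebWatcher year</a>.</p>
"""

if __name__ == "__main__":
    for href, reasons in audit_email(SAMPLE_EMAIL).items():
        verdict = "SUSPICIOUS" if reasons else "ok"
        print(f"{verdict:10} {href}")
        for reason in reasons:
            print(f"           - {reason}")
```

Running it on the sample flags the second link three times (unexpected host, brand-name lookalike, text/href mismatch) and the shortened link once (unknown host), while the two links to expected domains pass. The text/href comparison is the automated form of “hover and look”: a message whose visible URL and real destination disagree is the single most reliable phishing tell you can check without any external data.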

If you have additional questions, Marriott has set up a dedicated call center for this incident. It is also emailing affected guests on a rolling basis starting November 30.

Newly discovered email attacks are catching some very big phish lately. Earlier this year, a downloader called AdvisorsBot was discovered targeting restaurants, hotels, and telecom companies. Attacks on these industries aren’t new, but this phishing campaign is unusually effective. AdvisorsBot is also still evolving: by continually changing, it makes detection that relies on known signatures much harder for security tools.

AdvisorsBot was first found written in C. Other versions have since turned up in .NET and PowerShell, which leads researchers to believe AdvisorsBot is a work in progress that will keep changing shape. Rewriting the same downloader in several languages gives the attackers fresh binaries that existing signatures may miss, and gives security experts reason for serious concern.

Once a victim opens the phishing attachment, AdvisorsBot runs as a first-stage payload. It collects details about the infected system and sends them back to the attackers, who use them to decide what to download next and which other targets within the company to go after. Malware that continually evolves is difficult to detect and hard to fight. In AdvisorsBot’s case, the malicious emails are crafted for specific industries so the attack can expand further and deeper into their systems.

It cannot be stressed enough that not getting hooked by the phishing lure is how these bots are stopped in their tracks. Watch for the tell-tale signs:

The email is from an unknown sender

The message is unexpected, regardless of who sent it

The text is grammatically incorrect or contains typos and other errors

If it’s supposedly from a professional organization, watch for images that are out of date or look unprofessional, and for slang or other non-business terminology. For example, pay attention if the message refers to “cops” rather than “law enforcement.”

We know the perils of email phishing and the importance of not falling for it. These emails, however, target employees with industry-specific content. For instance, a restaurant employee may receive an email about food poisoning with attached files about the problem. Out of genuine concern, an unwitting employee opens an attachment and, bam, that one file opens the door to the entire system being compromised. With AdvisorsBot, information gleaned from the initial victim then lets the attackers go after vendors and countless others associated with the restaurant.

Targeting employees is a favorite and very successful way for hackers to gain access to data systems. Now more than ever, employee cybersafety education is a front line for keeping a business, or in the case of AdvisorsBot an entire industry, safe. The disturbing success of AdvisorsBot shows that investing in ongoing employee education can be as important as running cyber-resilient systems. Combined, employee education and attack-resilient systems provide a path to online safety for everyone involved.

Company Name: Marriott/Starwood
Breach Reported: 11/30/2018
Number of Individuals Affected: 500 Million

Details:
Marriott disclosed on November 30 that up to 500 million guests may have been affected by a data breach. Personal information including names, addresses, email addresses, phone numbers, dates of birth, gender, and even passport numbers was accessed for guests who made a reservation at a Starwood property on or before September 10, 2018. For some guests, payment card information was also accessed.

Security Recommendations:
While it is always important to check your monthly card statements, potential victims should be extra careful reviewing them for at least the next 12 months. If you notice any purchase that you don’t recognize, contact your financial institution immediately. More information is likely forthcoming on this.

There are a number of hacking groups making life difficult for consumers, but few are as successful and regimented as Fin7. No one has tied the group to a country of origin, but the Russian-speaking group works a regular business schedule: generally a Monday through Friday, 9 to 5 type of gig with nights and weekends off. Their only job is stealing payment card information from large corporations. Reportedly raking in $50 million a month, they’re clearly very good at it. Who knows? They may even offer health and retirement benefits.

Fin7 is far from the only hacking group out there, but they are arguably one of the most structured and best at what they do. Their most recent attack, on Saks Fifth Avenue and Lord &amp; Taylor, put about 5 million payment card records up for sale on the dark web. Fin7 was also behind the hacks of Trump Hotels, Whole Foods, and Chipotle, and they specialize in large retail and hospitality companies.

According to experts, the group is also behind successful spin-off factions. Carbanak is one splinter group, famous for targeting financial institutions worldwide to the tune of over $1 billion. In many ways, Fin7 looks like a growing organization that is diversifying its talents to maximize profits. Like many corporations, that’s a business model geared toward growing the bottom line.

Large hacking groups are a growing part of our cyber culture. They worm their way into our everyday lives and strike without warning. Some groups work for specific governments with political agendas, while others are strictly financially motivated. We hear about the big corporate breaches, but we rarely hear about the everyday smaller hacks. There’s no reason to believe groups like Fin7 will stop at the mega hacks they’re known for, so no matter how small your organization, it may get caught up in it too.

But there are things any company can do to lower its risk. Ensuring all computers and mobile devices run the relevant security software is paramount. Keeping those devices, and the software on them, updated with the latest patches and versions is another important step. Once those are in place, run awareness training on the latest cybersecurity threats, and don’t stop at one session. Make it ongoing: threats change, evolve, and morph into more dangerous or simply different ones, and a one-and-done attitude doesn’t cut it anymore. Arming employees with current information on all of this puts you on the path to avoiding the next news headline.

Fin7 and others are expanding and may well move on to smaller hacks against smaller targets. Right now, anything and everything is up for grabs for these groups. Regardless of their next conquest, big or small, hacking groups are a force to be reckoned with. Their next target may be unknown, but the attack is likely to succeed. That’s especially true when these cybercrime organizations are run the way many of us run our own lives: by going to work every day.

Earlier this year, the Spanish National Police arrested the alleged head of the notorious Carbanak cybercrime group. Experts warn that confining the Carbanak kingpin will not stop the spread of the group’s highly successful spear-phishing campaigns. The malware strains are still out there, becoming more refined and more powerful with time. Financial systems in over 40 countries have been attacked by the Carbanak group. The kingpin’s arrest was largely the result of cooperation among law enforcement agencies around the world.

Since 2015, the Carbanak syndicate has been notorious as a highly effective cybercrime ring targeting financial and banking institutions and e-payment systems worldwide. Their haul is believed to have hit the $1 billion mark as of this year. Perhaps Carbanak’s most aggressive malware, Cobalt, allowed its members to steal up to 10 million euros per heist. Last year, the group was found to have switched targets from the financial sector to retail, restaurants, and hospitality.

Since its inception in 2013, Carbanak has refined its malware-laced spear-phishing attacks. The group sends malicious attachments in emails to bank employees; once an employee opens the attachment, Carbanak is in motion. The malware infects the network, letting the attackers control ATMs and e-payment networks. A group member would wait at a predetermined ATM at a specific time and receive a payout anyone would envy. They also hacked e-payment systems to transfer funds to their own criminal accounts, and helped themselves to bank account data and other financial details such as credit and debit card numbers. In fact, their model is so successful that other cybercriminals have adopted it. In November, a group called Silence was found to have very similar traits to Carbanak. Experts know other hackers are using Carbanak’s tools and gang model for their own gain, and other strains of Carbanak’s malware are still out there and getting stronger.

The one thing this group and other phishing operations count on for success is human vulnerability, or plain gullibility.

Groups like Carbanak count on unsuspecting employees being tricked by very slick emails. From there, the malware is unleashed and can cripple the company’s data systems, costing the company and its customers untold harm.

That’s why security professionals continue to stress the importance of being on the lookout for phishing attacks. Unfortunately, there is no single template for these anymore, and they now trick even the most technically adept, putting everyone on a level playing field.

So always review email messages carefully for unexpected attachments or links, or for instructions to visit a particular site and perform an action. Instead, log into your accounts directly from pre-saved bookmarks, don’t open attachments or click links unless you are completely certain they are safe, and always question unusual requests to send wire transfers, provide credentials or sensitive information, or do something in a rush for fear of something bad happening. Carbanak, and hacking groups like them, are banking on us doing exactly these things.


Chances are pretty good that you have heard the term business email compromise, or BEC, by now. It is a type of wire transfer fraud that the FBI has deemed one of the most prevalent scams going around these days. In 2017, there were 15,690 complaints that resulted in total adjusted losses of more than $675 million. That is an 87% increase over 2016, and it is expected to keep rising. The Identity Theft Resource Center (ITRC) reported that of the fraud-related complaints filed in 2017, the most common type was wire transfer fraud.

This Privacy Policy applies to and is provided on behalf of Stickley on Security. (collectively referred to as "We", "Us", or "Our") and describes Our information gathering
practices and policies in connection with this Site. We value your ("User", "You", or "Your") privacy and recognize the sensitivity of Your personal information. We are
committed to protecting Your personal information and using it only as appropriate to provide You with the best possible service, products, and opportunities. Use of this
Site constitutes consent to Our collection and use of personal data as outlined herein.

COLLECTION AND USE OF PERSONAL INFORMATION FROM SITE USERS

We collect personally identifiable information from Users who provide it to us for billing purposes. For example, We collect Your name, street address, city, state, zip
code, telephone number, email address, and financial information, such as a credit card number, if You use the Site to register or renew a license. We may use this
information to contact You regarding the status of Your account and orders placed, and to alert You to new information, products and services, events and other
opportunities. We recognize that You may wish to limit the ways in which You are contacted and provide You with opt-out options below. Information about Our experiences and
transactions with you, such as your payment history, types of services and/or products you purchased are not shared with organizations outside of Stickley on Security.

We will not disclose to third parties (that is, people and companies that are not affiliated with Us) individually identifying information, such as names, postal and e-mail
addresses, telephone numbers, and other personal information, except to the extent that it is necessary to process and provide You with Your order, license request or
other request. Your contact information may also be provided to the extent necessary to comply with applicable laws or legal processes (e.g., subpoenas), or to meet contractual obligations outlined in this policy, or to protect Our
rights or property. We will cooperate with all law enforcement authorities.

If Your order, license request or other request is processed by a third-party, or if You are provided with bulletin boards and chat rooms and/or email capabilities on
this Site, please note that in the event that You voluntarily disclose personally identifiable information in those instances, that information, along with any substantive
information disclosed in Your communication or post, can be collected, correlated and used by third parties. This may result in unsolicited messages from third parties. Such
activities are beyond Our control, and We encourage You to check the applicable privacy policy of such party when providing personally identifiable information.

For each visitor to this Site, Our server can detect and collect certain information, including the User's domain name and e-mail address, and can identify the Web pages the
User visited or accessed. We may use this information in order to measure interest in and use of the various areas of the site.

We do not knowingly solicit information from children and We do not knowingly market the Site or its services to children.

OPT-OUT

You may at any time opt out of having Your personal information used by Us to send You promotional correspondence by contacting Us via e-mail provided in the "Contact Us"
section below.

PROMOTION CODES

"Promotion codes" are offered by third-party affiliates of the Stickley on Security Training Videos. If you choose to include a "Promotion Code" when placing your order, the affiliate who is associated with that promotional code will receive your organizations name. They will NOT however receive any other information related to your account. The sharing of the organization name only applies when a "Promotion Code" is included during the order process.

USE OF COOKIES

1. First-party cookies
User input cookies to keep track of the user's input when filling online forms, shopping carts, etc., for the duration of a session, or persistent cookies limited to the duration of an operation such as purchase or trial;
User identification persistent cookies, to identify whether the user is visiting the website for the first time;
Authentication cookies, to identify the user once he has logged in, for the duration of a session;
User interface customization cookies, such as time zone and shopping cart status info, for the duration of a session (or slightly longer).

2. Third-party cookies
social plug in content sharing cookies, for logged in members of a social network;
Google Analytics cookies to generate statistical data on how the visitor uses the website.

How do we use them?
Where strictly necessary. These cookies and other technologies are essential in order to enable the Services to provide the feature you have requested, such as remembering you have logged in.

For functionality. These cookies and similar technologies remember choices you make such as time zone and shopping cart info. We use these cookies to provide you with an experience more appropriate with your selections and to make your use of the Services more tailored.

For performance and analytics. These cookies and similar technologies collect information on how users interact with the Services and enable us to improve how the Services operate. For example, we use Google Analytics cookies to help us understand how visitors arrive at and browse our products, services and website to identify areas for improvement such as navigation, user experience, and marketing campaigns.

Social media cookies. These cookies are used when you share information using a social media sharing button or "like" button on our websites, or when you link your account or engage with our content on or through a social media site. The social network will record that you have done this. This information may be linked to targeting/advertising activities.

How can you opt-out?
To opt-out of our use of cookies, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use our Services.

Updates to this Cookie Policy
This Cookie Policy may be updated from time to time. If we make any changes, we will notify you by revising the "effective starting" date at the top of this notice.

INFORMATION SECURITY AND CONFIDENTIALITY

We maintain physical, electronic and procedural safeguards to prevent the unauthorized release of or access to Your personal information. When We transfer and receive
certain types of sensitive information such as financial information, We redirect visitors to a secure server. We do not store or reuse Your credit card information. We do
not record or manage financial information about You (including credit card and other payment information). However, such precautions do not guarantee that this Site is
invulnerable to all security breaches. We make no warranty, guarantee, or representation that the use of this Site is protected from viruses, security threats, or other
vulnerabilities or that Your information will always be secure. We cannot guarantee the confidentiality of any communication or material transmitted to/from Us via the Site
or e-mail. Use of the Internet is solely at Your own risk and is subject to all applicable local, state, federal, and international laws and regulations.

THIRD PARTY PROCESSING

Stickley on Security uses the vendor Authorize.net to process all payment transactions. When making a purchase on this site, You also accept the Terms and Conditions and
Privacy Policy of Authorize.net.

CONTACT US

This Privacy Policy may be updated periodically and posted on this Site. It applies only to Our online practices and does not encompass other areas of the organization. We
reserve the right to change this Policy at any time by posting revisions. By accessing or using the Site, You agree to be bound by all of the Terms of this Privacy Policy as
posted at the time of Your access or use. We reserve the right to contact Users of the Site regarding changes to the Terms and Conditions generally, this Privacy Policy
specifically, or any other policies or agreements relevant to the Site's Users. If You have any questions about this Policy, You may email to:
